Reviewing your SSH keys

You can delete unauthorized (or possibly compromised) SSH keys to ensure that an attacker no longer has access to your repositories. You can also approve existing SSH keys that are valid.

In the upper-right corner of any page, click your profile photo, then click Settings.

In the user settings sidebar, click SSH and GPG keys.

On the SSH Settings page, take note of the SSH keys associated with your account. For those that you don't recognize, or that are out-of-date, click Delete. If there are valid SSH keys you'd like to keep, click Approve.

Note: If you're auditing your SSH keys due to an unsuccessful Git operation, the unverified key that caused the SSH key audit error will be highlighted in the list of SSH keys.

Open Terminal.

Start the ssh-agent in the background.

$ eval "$(ssh-agent -s)"
> Agent pid 59566

Find and take a note of your public key fingerprint. If you're using OpenSSH 6.7 or older:

In the upper-right corner of any page, click your profile photo, then click Settings.

In the user settings sidebar, click SSH and GPG keys.

On the SSH Settings page, take note of the SSH keys associated with your account. For those that you don't recognize, or that are out-of-date, click Delete. If there are valid SSH keys you'd like to keep, click Approve.

Note: If you're auditing your SSH keys due to an unsuccessful Git operation, the unverified key that caused the SSH key audit error will be highlighted in the list of SSH keys.

Open Git Bash. If you're using Git Shell, which is included in GitHub Desktop, open Git Shell and skip to step 6.

In the upper-right corner of any page, click your profile photo, then click Settings.

In the user settings sidebar, click SSH and GPG keys.

On the SSH Settings page, take note of the SSH keys associated with your account. For those that you don't recognize, or that are out-of-date, click Delete. If there are valid SSH keys you'd like to keep, click Approve.

Note: If you're auditing your SSH keys due to an unsuccessful Git operation, the unverified key that caused the SSH key audit error will be highlighted in the list of SSH keys.

Open Terminal.

Start the ssh-agent in the background.

$ eval "$(ssh-agent -s)"
> Agent pid 59566

Find and take a note of your public key fingerprint. If you're using OpenSSH 6.7 or older:

Warning: If you see an SSH key you're not familiar with on GitHub, delete it immediately and contact GitHub Support or GitHub Premium Support for further help. An unidentified public key may indicate a possible security concern.